全局Kubernetes设置

我们在这里可以配置k8s集群参数。

上游绑定到k8s服务,以及集群网关绑定k8s,都需要先在这里进行配置。

全局kubernetes配置 - 图1

下面我们来配置一个k8s集群。

首先点击Add Kubernetes Cluster 按钮。

全局kubernetes配置 - 图2 全局kubernetes配置 - 图3

给k8s集群起个名字。填写好k8s集群的主机名和端口信息,以及是否验证,和token后点击创建。

k8s集群配置创建成功。

全局kubernetes配置 - 图4

我们连接k8s需要以下权限:

  1. namespace的读取权限: get, list, watch
  2. service的读取权限: get, list, watch
  3. endpoint的读取权限: get, list, watch
  4. pod的读取权限: get, list, watch

k8s使用token来鉴权并获取权限,下面我们介绍如何得到一个拥有以上k8s权限的token。

创建token.yaml文件

  1. apiVersion: v1
  2. kind: ServiceAccount
  3. metadata:
  4.   name: openresty-edge-serviceaccount
  5.   namespace: default
  7. ---
  8. apiVersion: rbac.authorization.k8s.io/v1
  9. kind: ClusterRole
  10. metadata:
  11.   name: openresty-edge-clusterrole
  12. rules:
  13.   - apiGroups:
  14.       - ""
  15.     resources:
  16.       - namespaces
  17.       - services
  18.       - endpoints
  19.       - pods
  20.     verbs:
  21.       - get
  22.       - list
  23.       - watch
  24. ---
  25. apiVersion: rbac.authorization.k8s.io/v1
  26. kind: ClusterRoleBinding
  27. metadata:
  28.   name: openresty-edge-clusterrole-binding
  29. roleRef:
  30.   apiGroup: rbac.authorization.k8s.io
  31.   kind: ClusterRole
  32.   name: openresty-edge-clusterrole
  33. subjects:
  34.   - kind: ServiceAccount
  35.     name: openresty-edge-serviceaccount
  36.     namespace: default

执行以下命令获取token

  1. $ kubectl apply -f token.yml
  2. $ kubectl describe secret $(kubectl get secret | grep openresty-edge-serviceaccount | awk '{print $1}') | grep "token: " | awk '{print $2}'
  3. eyJhbGciOiJSUzI1NiIsImtpZCI6InJOZkJvNWItMDhYOXBfUGw2czBleWxNWXZBWi1KOXFqQ05GdjVCWUdpc3cifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6Im9wZW5yZXN0eS1lZGdlLXNlcnZpY2VhY2NvdW50LXRva2VuLTdkMjk5Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6Im9wZW5yZXN0eS1lZGdlLXNlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYjkzZTI0MzAtNGFjMi00Y2ZjLWExYzktNzEyZjMxZmM4ZTUzIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6b3BlbnJlc3R5LWVkZ2Utc2VydmljZWFjY291bnQifQ.I0x3A0Z1Oe_WQVKtCooYqas6JcQbvSxd0sFpFLecLT4vACDFyB3TsxAoVg1WPIzIue-VXoWUSij9Fa-RCHM_5k_mbY9nyuaJDjq8ziMZdlOHHRcgoACcCjUIK_2-o0D8PaNpHs5X3JZYmbQTXMMjs81Sd0sNsSJ2XIvhwN4Qkg9FCngFxPf_xBWYUh8EbMALde53GyB3LgKwgXu_538skCvoH2SGWXCr6oYc7W1wngHrrmy7Wzq_NlTlL-hQtEz9ST8Rik1zHbItrfQpgmW4d2UOrZ6IL91ZpKDGNS4gNt7pJ8opEvMascg92O28H9Y9kAIgJtOZFBHSQl10DADHBw